GoBox
HTB; Linux; 10.129.95.236 Initial Enumeration Nmap Scan showed that the open ports are: 22, 80, 8080 Port 80 8080 is a login page Looks like the breakthrough point is the…
HTB; Linux; 10.129.95.236 Initial Enumeration Nmap Scan showed that the open ports are: 22, 80, 8080 Port 80 8080 is a login page Looks like the breakthrough point is the…
HTB; Windows; Medium; 10.129.x.x Initial Enumeration Port Enumeration showed port 80, 135, 139, 445, 6791 are open Port 80 is quite a static web, not much to exploit except that…
HTB; Linux; Easy 10.129.227.151 TL;DR, the server is vulnerable to XXS injection and the cookie is not set to HttpOnly. For the privilege escalation, try sudo -l. Initial Enumeration Initial…
Enable Burp Suite HTTPS Proxy Well, there is actually no HTTPS Proxy in Burp Suite, there is just HTTP Proxy, but in linux you won’t be able to let HTTPS…
HTB; Medium; Linux; 10.129.95.153 My Complain about this virtual machine. When I used the poc of CVE-2023-42793, I created an admin account at the TeamCity website, but….I cannot use the…
TL;DR, go to Appearnce -> Theme File Editor -> functions.php, scroll down to the bottom of the file, and add this line add_filter('run_wptexturize', '__return_false'); This is by far the most…
I honestly never thought this could be such a weird process, but you cannot complain too much for a free software. I thought this should be an easy task, but…
(constantly under construction) Python interactive shell Linux Reverse Shell in one line File Extraction File Compression Base64 encode and decode FFUF FFUZ The general flags Nmap Proxychains scan “ “…
Every CTF machine is a unique experience, and it’s important to write done what impressed you and the reason why you f*&k up, so you become a better CTF player.…
The linux's overlay filesystem seems to be interesting. https://securitylabs.datadoghq.com/articles/overlayfs-cve-2023-0386 API hacking, Hacking APIs: Breaking Web Application Programming Interfaces XXS and offense and defense, especially the techniques to bypass HttpOnly cookie…